Passport authentication strategy against an LDAP server. This module is a Passport strategy wrapper for ldapauth-fork.
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
}));
If you wish to e.g. do some additional verification or initialize user data in a local database, you may supply a verify callback which accepts the user object and then calls the done callback supplying a user, which should be set to false if the user is not allowed to authenticate. If an exception occurred, err should be set.
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy({
server: {
url: 'ldap://localhost:389',
...
}
},
function(user, done) {
...
return done(null, user);
}
));
npm install passport-ldapauth
- server: LDAP settings. These are passed directly to ldapauth-fork. See its documentation for all available options.
  - url: e.g. ldap://localhost:389
  - adminDn: e.g. cn='root'
  - adminPassword: Password for adminDn
  - searchBase: e.g. o=users,o=example.com
  - searchFilter: LDAP search filter, e.g. (uid={{username}}). Use literal {{username}} to have the given username used in the search.
  - searchAttributes: Optional array of attributes to fetch from LDAP server, e.g. ['displayName', 'mail']. Defaults to undefined, i.e. fetch all attributes
  - tlsOptions: Optional object with options accepted by Node.js tls module.
- usernameField: Field name where the username is found, defaults to username
- passwordField: Field name where the password is found, defaults to password
- passReqToCallback: When true, req is the first argument to the verify callback (default: false):
  passport.use(new LdapStrategy(..., function(req, user, done) { ... done(null, user); } ));
Note: you can pass a function instead of an object as options, see the example below
var express = require('express'),
passport = require('passport'),
LdapStrategy = require('passport-ldapauth').Strategy;
// Static options object; it is passed to LdapStrategy as-is.
// The values are samples for a local test directory.
var OPTS = {
server: {
// ldap:// is an unencrypted transport: whatever is sent to the server,
// including the adminPassword bind, crosses the network in cleartext.
// Keep this to localhost; for a remote server use ldaps:// with tlsOptions.
url: 'ldap://localhost:389',
// NOTE(review): cn=root reads like a directory administrator; a dedicated
// read-only search account limits the damage if this config leaks.
adminDn: 'cn=root',
// Placeholder value. Load the real password from the environment or a
// secrets store instead of committing it with the source.
adminPassword: 'secret',
searchBase: 'ou=passport-ldapauth',
// {{username}} is replaced with the username given at login.
// NOTE(review): confirm the installed ldapauth-fork version escapes LDAP
// filter metacharacters in that value before relying on this filter.
searchFilter: '(uid={{username}})'
}
};
var app = express();
// Register the LDAP strategy; the route below selects it by the name 'ldapauth'.
passport.use(new LdapStrategy(OPTS));
// app.configure() and express.bodyParser() are Express 3 APIs that were
// removed in Express 4, so this example needs an Express 3 installation.
app.configure(function() {
// Body parsing has to run before authentication.
// NOTE(review): presumably the strategy reads the login fields from the parsed body; confirm.
app.use(express.bodyParser());
app.use(passport.initialize());
});
// passport.authenticate runs first; the handler is reached only when it lets
// the request through. {session: false} means no login session is set up, so
// only this one request is authenticated.
// NOTE(review): this route receives passwords. Serve it over HTTPS and put
// rate limiting or lockout in front of it; nothing in this snippet does either.
app.post('/login', passport.authenticate('ldapauth', {session: false}), function(req, res) {
res.send({status: 'ok'});
});
app.listen(8080);
Simple example config for connecting over ldaps:// to a server requiring some internal CA certificate (often the case in corporations using Windows AD).
var fs = require('fs');
// Options for an Active Directory server reached over TLS and signed by an
// internal certificate authority.
var opts = {
server: {
// ldaps:// puts the whole LDAP conversation inside TLS, so bind passwords
// are encrypted in transit.
url: 'ldaps://ad.corporate.com:636',
// Account used for the search bind. Keep it a dedicated, low-privilege
// service account rather than a person's login.
adminDn: 'non-person@corporate.com',
// Placeholder value. Load the real password from the environment or a
// secrets store instead of committing it with the source.
adminPassword: 'secret',
searchBase: 'dc=corp,dc=corporate,dc=com',
// Matches person/user objects whose samaccountname OR mail equals the
// submitted username, so either identifier is accepted at login.
// NOTE(review): confirm mail values are unique and not self-editable, and
// that the installed ldapauth-fork escapes filter metacharacters in {{username}}.
searchFilter: '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
// Fetch only these attributes instead of every attribute on the entry.
searchAttributes: ['displayName', 'mail'],
// Options accepted by the Node.js tls module.
tlsOptions: {
// Trust the internal root CA explicitly. This keeps certificate
// verification switched on; do not work around an unknown CA by setting
// rejectUnauthorized to false.
ca: [
// Synchronous read: a wrong path throws as soon as this object is built.
fs.readFileSync('/path/to/root_ca_cert.crt')
]
}
}
};
...
Instead of providing a static configuration object, you can pass a function as options that will take care of fetching the configuration. It will be called with a callback function having the standard (err, result) signature. Notice that the provided function will be called on every authenticate request.
/**
 * Example options provider that can be given to LdapStrategy in place of a
 * static options object.
 *
 * The options are delivered asynchronously through a Node-style
 * (err, result) callback. The README states that the provider is called on
 * every authenticate request, so a real lookup should be cheap or cached.
 *
 * @param {function(?Error, Object=): void} callback - called with
 *   (null, opts) on the next tick.
 */
var getLDAPConfiguration = function(callback) {
  // Stand-in for fetching the settings from a database or similar source.
  var respond = function() {
    var serverSettings = {
      // ldap:// is unencrypted; keep it to localhost and switch to ldaps://
      // with tlsOptions for a remote server.
      url: 'ldap://localhost:389',
      adminDn: 'cn=root',
      // Placeholder value; a real provider returns the password from a
      // secrets store, not a literal in source.
      adminPassword: 'secret',
      searchBase: 'ou=passport-ldapauth',
      searchFilter: '(uid={{username}})'
    };
    callback(null, { server: serverSettings });
  };

  process.nextTick(respond);
};
var LdapStrategy = require('passport-ldapauth').Strategy;
passport.use(new LdapStrategy(getLDAPConfiguration,
function(user, done) {
...
return done(null, user);
}
));
MIT

